Confirmation of Payee/Payer API

Confirmation of Payee/Payer (CoP) is a UK-wide name‑checking service designed to reduce fraud and prevent misdirected payments. It validates whether the account name provided by a payer or payee matches the name held by the receiving bank or building society.

PayPoint integrates directly with Pay.UK to provide a modern CoP API supporting both:

  • Real‑time single CoP lookups

  • High‑volume batch lookup jobs

This enables clients to verify account details during onboarding, payment setup, or before initiating high‑value transactions.

What Confirmation of Payee Solves

Before CoP existed, clients would collect customer bank details (sort code, account number, and account name) and submit payments without any mechanism to confirm the name matched the account. This created significant risk of:

  • Accidental payments to incorrect recipients

  • Fraudulently misdirected payments

  • Unreliable customer-provided data during onboarding

CoP introduces a secure, industry‑wide verification layer to ensure the account name aligns with the account holder registered at the bank, dramatically reducing the risk of incorrect or fraudulent payments.

How Confirmation of Payee/Payer Works

CoP verifies the account holder’s name by querying the customer’s bank or building society. The responding institution makes the decision and returns a match result.

Useful CoP Behaviours

  • For personal accounts, the exact registered name must be provided.

  • For joint accounts, either name on the account may be supplied (order does not matter).

  • For business accounts, the registered company name or trading name must be provided.

  • Customers may opt out of CoP with their bank — in these cases, no positive/negative match will be returned.

All matching logic is performed by the customer’s own bank, not PayPoint.

CoP Process Flow

The typical CoP flow involves:

  1. Client submits account name + sort code + account number

  2. PayPoint routes the request to the responding bank

  3. Bank validates name and returns a match result

  4. Client decides whether to proceed, ask the user to correct the name, or block the transaction

CoP Process Flow

BACK TO TOP   ⇧

API Access & Documentation

The CoP API supports:

  • Singleton requests (real-time, synchronous)

  • Batch requests (asynchronous, polled results)

Full endpoint specifications are provided in the CoP API Documentation

BACK TO TOP   ⇧

FAQS

What are the difference between single and batch requests?

Singleton Requests

  • Fully synchronous

  • Typical response time: ~1 second (dependent on responding bank)

  • CoP scheme rules require a 3-second wait before retrying once

  • PayPoint timeout ≈ 7 seconds

  • Clients may set a shorter local timeout if desired

Batch Requests

  • Submitted as batch jobs

  • PayPoint serialises requests internally

  • Results are available once all individual checks complete

  • Client polls the batch results endpoint

  • Ideal for onboarding or nightly cleansing

What are the Rate limits?

Sandbox

The sandbox connects to the live CoP network, but is rate‑limited:

  • 10 requests per 60 seconds

  • 100 requests per day

Limits apply per x‑api‑key, shared across team members. Performance may be slower than production due to reduced scaling and cold‑start effects.

Production

  • 10 TPS per client for single requests

  • No submission limit for batch uploads

  • Batch processing runs at 20 TPS

  • Maximum batch file size: 2.7 MB (≈ 10,000 accounts)

How can we do automated testing?

The sandbox returns live CoP results, which may include personal data. For automated testing, PayPoint provides a complete set of canned responses using the dummy sort code 00‑00‑00. These are listed below at: Test Bank Account & Response

These simulate all possible CoP match outcomes without touching real customer data.

How does name matching work?

Name matching is controlled entirely by the responding bank. While scheme rules define minimum expectations, banks may handle edge cases differently.

Banks cannot return “No Match” when:

  • First name and surname are reversed

  • Family name matches and the provided first name is a common variant (e.g., William/Bill, Elizabeth/Liz)

  • First name contains a single spelling error

  • Family name contains a single spelling error

Banks cannot return a “Full Match” unless:

  • Family name is an exact match

  • First character of the first name is correct

Banks may occasionally exceed these rules and return Full Match for slight deviations — behaviour varies by institution.

BACK TO TOP   ⇧

Test Bank Account Details & Responses

A set of dummy accounts is available under sort code 00‑00‑00, covering the full spectrum of CoP response codes. Using any valid live sort code will query real bank accounts and return genuine responses.